Remote Management proxy forwards Remote Management operation requests from the Remote Management Viewer to a managed device. The proxy is useful when the viewer cannot directly access a managed device that is in a private network or on the other side of a firewall or router that is using NAT (Network Address Translation). As a prerequisite, the proxy must be installed on a Windows managed device or Linux device.
Review the following sections for information on installing and configuring the proxy:
If a managed device is on a private network or is on the other side of a firewall or router that is using Network Address Translation (NAT), the remote management operation of the device can be routed through a Remote Management proxy. The proxy can be installed on a Windows or Linux managed device. By default, the remote management proxy listens on port 5750.
For more information on the Remote Management proxy, see Section 1.4, Understanding Remote Management Proxy.
For information on the system requirements that a Windows or Linux managed device must meet to enable the proxy to be installed on the device, see Managed Device Requirements
in the
Review the following sections for information on installing the Remote Management proxy:
On the device, open the following ZENworks download page on a Web browser:
https://server/zenworks-setup
Replace server with the DNS name or IP address of a ZENworks Server.
In the left navigation pane, click
.Click novell-zenworks-rm-repeater-<version>.msi and save the file to a temporary location.
version is the version of the ZENworks product.
Install the proxy application by executing the following command:
msiexec /i novell-zenworks-rm-repeater-<version>.msi TARGETDIR="ZENworks_Installation_directoryā€¯.
The Remote Management proxy is designed to run automatically upon installation. You can choose to customize its behavior by modifying the default settings for the device. For more information on the Remote Management proxy settings, see Section 2.4.2, Configuring a Remote Management Proxy.
On the device, open the following ZENworks download page on a Web browser:
https://server/zenworks-setup
Replace server with the DNS name or IP address of a ZENworks Server.
In the left navigation pane, click
.Click novell-zenworks-rm-repeater-<version>.noarch.rpm.
Decide whether to immediately install the proxy or save the proxy RPM file to install it later.
To immediately install the proxy, click root password, then click .
to open the Remote Management Proxy with zen-installer, specify theTo save the proxy RPM file to the default download directory so that you can install it later, click
. To install the RPM, do one of the following:Click the proxy RPM file, specify the root password, then click .
Run the following command as a superuser or root user:
rpm -ivh novell-zenworks-rm-repeater-<version>.noarch.rpm
The Remote Management proxy is designed to run automatically on installation. You can choose to customize its behavior by modifying the default settings for the device. For more information on the Remote Management proxy settings, see Section 2.4.2, Configuring a Remote Management Proxy.
Copy the following files from a ZENworks Linux device to the proxy device:
/etc/opt/novell/zenworks/security/ca.cert
/etc/opt/novell/zenworks/security/rm.cert
(Conditional) If the Remote Management proxy has already been installed on the device, run the following command to restart the proxy:
/etc/init.d/nzrepeaterd restart
or
Install the proxy on the device. For more information on installing the proxy on the device, see Installing the Remote Management Proxy on a Linux Device.
When you install a Remote Management proxy on a device, certain settings are configured on the device, by default. You can choose to edit the settings.
On a Windows device, the registry settings for the Remote Management proxy are available at HKLM\SOFTWARE\Novell\ZCM\Remote Management\Proxy.
ClientPort: Specifies the port number that the proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.
SessionEncryption: Specifies whether the initial flow of data between the proxy and the Remote Management Viewer is encrypted. The default value is True. This setting is not applicable after the proxy establishes a connection with the managed device. The session encryption is then governed by the Remote Management policy and the preferences of the remote operator. You should mark this setting as True because setting it to False allows unauthenticated external processes other than the Remote Management Viewer to make connections to devices in the private network.
SSLClientAuthentication: Specifies whether the proxy should accept connection requests from a viewer that does not have a valid certificate. The possible values are True and False. The default value is True.
On a Linux Primary Server or Satellite Server, the settings for the Remote Management proxy are available in the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file.
viewerport: Specifies the port number that the Remote Management proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.
runasuser: Specifies the user that the proxy should impersonate. The Remote Management proxy requires only user privileges to perform remote operations. The default value is zenworks. However, you can specify a different user.
strictimpersonation: Specifies if the remote session should continue as root when the user specified as the runasuser does not exist. The possible values are true and false. The default value is false, which indicates that the remote session continues as root when the user specified as the runasuser does not exist.
sslauth: Specifies whether SSL authentication is enabled or disabled. The possible values are 0 and 1. The default value is 1, which indicates that SSL authentication is enabled.
WARNING:Disabling SSL authentication is not recommended because it allows external processes to access the network devices without any authentication.
verifyViewerCert: Specifies if the Remote Management Viewer certificates needs to be verified. This setting is applicable only when SSL authentication is enabled. The possible values are 0 and 1. The default value is 1, which indicates that the Remote Management Viewer certificates must be verified. When a session is initiated from a stand-alone viewer, the remote operator might not have the required certificates that are chained to the root Certificate Authority. As a result, the proxy fails to connect to the server.
loggingenabled: Specifies whether the messages should be logged on the device. The possible values are true and false. The default value is true.
For information on other registry settings, see the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file.